Please cancel claim 13.
Please take note that there is no claim 16.
Please add new claims 19-21.

Please amend the claims 1, 4, 8, 10, 11, 12, 15, and 18 as follows:



IN THE CLAIMS 



1. (Currently amended) A network address translating gateway connecting a LAN
to an external network, said LAN using local IP addresses, said gateway having a local IP
address that can be seen referenced by devices on said LAN and having an external IP address
that can be seen referenced by devices on said external network, said gateway comprising:

a plurality of internal tables associating combinations of local IP addresses of local
devices on said LAN, external IP addresses of external devices on said external network, SPI - In
values, SPI - Out values, source port addresses, destination port addresses, reserved process-
specific port addresses, and maintaining a list of reserved selected process-specific port
addresses,

means for performing normal address translation upon datagrams passing from said LAN 
to said external network and datagrams passing from said external network to said LAN, 

means for delivering a datagram from a local device on said LAN to an external device
on said external network by receiving a datagram from a local device on said LAN intended for
delivery to an external device on said external network, and determining whether the destination
port address for said datagram is included in said list of reserved selected process-specific port
addresses and, if said destination port address is not included in said list of reserved selected
process-specific port addresses, performing normal address translation upon said datagram and
passing said datagram to said external network for routing and delivery to said external device,

and if said destination port address is included in said list of reserved selected process-
specific port addresses, determining whether said destination port address is bound to said a local
IP address of said local device, and if said destination port address is bound to said a local IP
address, performing normal address translation upon said datagram and passing said datagram to
said external network for routing and delivery to said external device,

and if said destination port address is not bound to said a local IP address of said local
device, modifying said source IP address of said datagram to be said external IP address of said
gateway, binding said destination port address to said the local IP address of said local device
and creating an association between said destination port address and the external IP address of
said external device, and passing said datagram to said external network for routing and delivery
to said external device.

2. (Previously presented) The network address translating gateway of claim 1, 

wherein the means for delivering a datagram from a local device on said LAN to an external 
device further comprises a means for determining whether said datagram is encrypted and, if said 
datagram is encrypted, for determining whether the SPI of said datagram is recorded in the SPI - 
Out field in said internal table and, if said SPI is recorded in said SPI - Out field, modifying the 
source IP address of said datagram to be said external IP address of said gateway and passing
said datagram to said external network for routing and delivery to said external device.

3. (Previously presented) The network address translating gateway of claim 2, further
comprising if said SPI is not recorded in said SPI - Out field of said internal table, means for
setting the SPI - In field corresponding to the local IP address of said local device equal to zero
and setting said SPI - Out field equal to said SPI, modifying said source IP address of said
datagram to be said external IP address of said gateway and passing said datagram to said
external network for routing and delivery to said external device.

4. (Currently amended) The network address translating gateway of claim 1, 
wherein the network address translating gateway further comprises means for delivering a 
datagram from said external device to said local device by receiving a datagram from said
external device on said external network intended for delivery to said local device on said LAN,
means for determining whether said datagram is encrypted and, if said datagram is encrypted, 
determining whether the datagram's SPI is recorded in said SPI - In field of said internal table 
and, if said SPI is recorded in said SPI - In field, modifying the destination IP address of said 
datagram to be said local IP address of said local device and passing said datagram to said LAN 
for routing and delivery to said local device, 

and if said SPI is not recorded in said SPI - In field of said internal table, determining 
whether said SPI - In field corresponding to said IP address of said external device is equal to
zero and, if said SPI - In field is not equal to zero, discarding said datagram, and if said SPI - In 
field is equal to zero, setting said SPI - In field equal to said SPI, modifying the destination IP 
address of said datagram to be said local IP address of said local device and passing said 
datagram to said LAN for delivery to said local device.

and if said datagram is not encrypted, determining whether the destination port address
for said datagram is included in said list of reserved selected process-specific port addresses and,
if said destination port address is not included in said list of reserved selected process-specific
port addresses, performing normal address translation upon said datagram and passing said
datagram to said LAN for delivery to said local device,

and if said destination port address is included in said list of reserved selected process-
specific port addresses, determining whether said destination port address is bound to the a local
IP address of said local device, and if said destination port address is not bound to said a local IP
address, discarding said datagram, and if said destination port address is bound to said a local IP
address, determining whether said destination port address is associated with the external IP
address of said external device, and if said destination port address is associated with the external
IP address of said external device, modifying said destination IP address of said datagram to be
said the bound local IP address of said local device, unbinding said destination port address from
said local IP address, and passing said datagram to said LAN for delivery to said local device.

5. (Previously presented) The network address translating gateway of claim 1, further 

comprising a timer, wherein, upon receiving a signal that a selected process-specific port address 
has become bound to an IP address, said timer will commence timing for a predetermined length
of time and, upon the expiration of said predetermined length of time, will send a signal causing
said selected process-specific port address to become unbound from said IP address, and, upon
receiving a signal indicating that said selected process-specific port address has become unbound
from said IP address prior to the expiration of said predetermined length of time, said timer will
stop timing and will reset.

6. (Previously presented) The network address translating gateway of claim 1 in
which said external network is the internet.

7. (Previously presented) The network address translating gateway of claim 6 in
which said LAN is a virtual private network.

8. (Currently amended) A method of processing IP datagrams from a local device
on a LAN using local IP addresses through a network address translating gateway to an external
device on an external network comprising the steps of:

maintaining a plurality of tables associating local IP addresses of local devices on said
LAN, external IP addresses of external devices on said external network, port addresses of said
local devices, port addresses of said external devices, SPI - In values, SPI - Out values, and
reserved process-specific port addresses, and a list of reserved selected process-specific port
addresses,

receiving a datagram from said LAN

determining whether the destination port address for said datagram is included in said
table list of reserved selected process-specific port addresses and, if said destination port address
is not included in said table list of reserved selected process-specific port addresses, performing
normal address translation upon said datagram and passing said datagram to said external
network for routing and delivery to said external device,

and if said destination port address is included in said table list of reserved selected
process-specific port addresses, determining whether said destination port address is bound to an
IP address, and if said destination port is bound to an IP address, performing normal address
translation upon said datagram and passing said datagram to said external network for routing
and delivery to said external device,

and if said destination port address is not bound to an IP address, modifying said source
IP address to be said external IP address for said external device gateway, binding said
destination port address to the local IP address of said local device and creating an association
between said destination port address and said external IP address of said external device, and
passing said datagram to said external network for routing and delivery to said external device.

9. (Previously presented) The method of claim 8, further comprising the steps of: 

determining whether said datagram is encrypted and, if said datagram is encrypted, 
determining whether the SPI in said datagram is recorded in the SPI - Out field of one of said 
plurality of internal tables and, if said SPI is recorded in said SPI - Out field of said internal 
table, modifying the source IP address to be the external IP address of said gateway and passing 
said datagram to said external network for routing and delivery to said external device, and if 
said SPI is not recorded in said SPI - Out field of said internal table, setting said SPI - Out field 
corresponding to the IP address of said external device equal to said SPI and setting the SPI - In 
field of said internal table to zero, modifying said source IP address to be said external IP address 
of said gateway, and passing said datagram to said external network for routing and delivery to 
said external device.

10. (Currently amended) A method of processing IP datagrams from an external device on
an external network through a network address translating gateway to a local device on a LAN 
using local IP addresses, comprising the steps of 

maintaining a plurality of tables associating local IP addresses of local devices on said 
LAN, external IP addresses of external devices on said external network, port addresses of said 
local devices, port addresses of said external devices, SPI - In values, SPI - Out values, and 
reserved process-specific port addresses, and a list of reserved selected process-specific port
addresses, 

receiving a datagram from said external network 

determining whether said datagram is encrypted and if said datagram is not encrypted, 
determining whether the destination port address for said datagram is included in said list of 
reserved selected process-specific port addresses, and if said destination port address is not
included in said list of reserved selected process-specific port addresses, performing normal 
address translation and passing said datagram to said LAN for routing and delivery to said local 
device, 

and if said destination port address is included in said list of reserved selected process-
specific port addresses, determining whether said destination port address is bound to said a local
IP address, and if said destination port is not bound to said a local IP address, discarding said 
datagram, 

and if said destination port address is bound to said a local IP address, determining 
whether said destination port address is associated with the external IP address of said external 
device, and if said destination port address is associated with said external IP address of said 
external device, modifying said destination IP address to be said the bound local IP address of
said local device, unbinding said destination port address from said local IP address, and passing 
said datagram to said LAN for routing and delivery to said local device. 

11. (Currently amended) The method of claim 10, wherein the method further comprises the 
steps, if said datagram is encrypted, of: 

determining whether the SPI in said datagram is recorded in the SPI - In field of one of 
said plurality of internal tables and, if said SPI is recorded in said SPI - In field of said internal 
table, modifying the destination IP address to be the internal local IP address of said local device 
and passing said datagram to said LAN for routing and delivery to said local device, 

and if said SPI is not recorded in said SPI - In field of said internal table, determining 
whether said SPI - In field corresponding to the IP address of said external device is zero, and if 
said SPI - In field is not zero, discarding said datagram, 

and if said SPI - In field is equal to zero, modifying said SPI - In field to be said SPI, 
modifying said destination IP address to be said local IP address of said local device, and passing
said datagram to said LAN for routing and delivery to said local device. 

12. (Currently amended) The method of processing IP datagrams as claimed in claim 11
claim 8, further comprising the steps of starting a timer whenever said destination a selected
process-specific port address becomes bound to said local IP address of said local device,

resetting said timer whenever said destination port address has become released,
and sending a signal whenever said timer is active and a predetermined length of time has
expired from the time said timer was started.



13. (Cancel) The method of processing IP datagrams as claimed in claim 12, further 
comprising the steps of starting a timer whenever said destination port address becomes bound to 
said local IP address of said local device, 

resetting said timer whenever said destination port address has become released, 
and sending a signal whenever said timer is active and a predetermined length of time has 
expired from the time said timer was started. 

14. (Previously presented) The method of processing IP datagrams as claimed in claim
11, in which said external network is the internet.

15. (Currently amended) The method of processing IP datagrams as claimed in claim 
d of processing IP datagrams as claimed in claim 11 in which said LAN is a virtual private
network. 

16. - Missing 

17. (Previously presented) The method of processing IP datagrams as claimed in claim 
12 in which said LAN is a virtual private network. 

18. (Currently amended) A machine readable storage, having stored thereon a 
computer program having comprising a plurality of code sections executable by a machine and 
for connecting a LAN to an external network via a network address translating gateway, wherein 
said gateway having a local IP address that can be seen referenced by devices on said LAN and
having an external IP address that can be seen referenced by devices on said external network,
and further including comprising a plurality of internal tables associating combinations of local
IP addresses of local devices on said LAN, external IP addresses of external devices on said
external network, source port addresses, destination port addresses, reserved process-specific
port addresses, and a list of reserved selected process-specific port addresses including at least
port 500, for assisting causing the machine to perform the steps of:

attempting to deliver processing a datagram from a local device on said LAN to an
external device on said external network by receiving a datagram from a local device on said
LAN intended for delivery to an external device on said external network;

determining whether the destination port address for said datagram is included in said list
of reserved selected process-specific port addresses and determining whether said destination
port address is bound to said a local IP address of said local device on said LAN:

and if said destination port address is not included in said list of selected process-specific
port addresses, performing normal address translation upon said datagram and passing said
datagram to said external network for routing and delivery to said external device if said
destination port address is not included in said list of reserved port addresses;

and if said destination port address is included in said list of selected process-specific port
addresses, and said destination port address is bound to a local IP address, performing normal
address translation upon said datagram and passing said datagram to said external network for
routing and delivery to said external device, if said destination port address is included in said
list of reserved port addresses and if said destination port address is bound to said local IP
address;

and if said destination port address is not bound to a local IP address on said LAN.
modifying said source IP address of said datagram to be said external IP address of said gateway,
binding said destination port address to said the local IP address of said local device and creating
an association between said destination port address and the external IP address of said external
device, and passing said datagram to said external network for routing and delivery to said
external device if said destination port address is not bound to said local IP address of said local
device.

19. (New) The network address translating gateway of claim 1 wherein said list of selected 
process-specific port addresses comprises port 500. 

20. (New) The method of claim 8, in which said list of selected process-specific port 
addresses comprises port 500. 

21. (New) The method of claim 10, in which said list of selected process-specific port 
addresses comprises port 500. 
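
The outbound and inbound decision procedure recited in claims 1-4 and 8-11, written out as an added Python example that is not part of the filing. All class, field and function names are hypothetical, the addresses are constructed documentation addresses, "normal address translation" is modelled as source-port translation, and the timer of claims 5 and 12 is left out; one inbound branch the claims do not state is marked as an assumption in the code.

```python
from dataclasses import dataclass, replace
from typing import Optional

GW_EXT = "203.0.113.1"      # constructed external IP address of the gateway
SELECTED_PORTS = {500}      # list of selected process-specific ports (claims 19-21)

@dataclass(frozen=True)
class Dgram:
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    spi: Optional[int] = None   # set only on encrypted datagrams

class Gateway:                  # hypothetical model of the claimed gateway
    def __init__(self):
        self.bound = {}         # selected port -> (local IP, associated external IP)
        self.spi = []           # rows: local IP, external IP, SPI-Out, SPI-In
        self.napt = {}          # translated port -> (local IP, local port)
        self.next_port = 40000

    def _normal_out(self, d):   # "normal address translation", modelled as NAPT
        port, self.next_port = self.next_port, self.next_port + 1
        self.napt[port] = (d.src, d.sport)
        return replace(d, src=GW_EXT, sport=port)

    def outbound(self, d):
        if d.spi is not None:   # claims 2, 3, 9: record SPI-Out, zero SPI-In
            if not any(r["out"] == d.spi for r in self.spi):
                self.spi.append({"local": d.src, "ext": d.dst, "out": d.spi, "in": 0})
            return replace(d, src=GW_EXT)
        if d.dport not in SELECTED_PORTS or d.dport in self.bound:
            return self._normal_out(d)
        self.bound[d.dport] = (d.src, d.dst)    # bind port, associate external IP
        return replace(d, src=GW_EXT)           # source port is left unchanged

    def inbound(self, d):
        if d.spi is not None:   # claims 4, 11
            row = next((r for r in self.spi if r["in"] == d.spi), None)
            if row is None:     # unknown SPI: accept only if SPI-In is still zero
                row = next((r for r in self.spi
                            if r["ext"] == d.src and r["in"] == 0), None)
                if row is None:
                    return None             # discard
                row["in"] = d.spi
            return replace(d, dst=row["local"])
        if d.dport not in SELECTED_PORTS:
            m = self.napt.get(d.dport)
            return replace(d, dst=m[0], dport=m[1]) if m else None
        if d.dport not in self.bound:
            return None                     # selected port, no binding: discard
        local, ext = self.bound[d.dport]
        if ext != d.src:
            return None     # assumption: the claims do not state this branch
        del self.bound[d.dport]             # unbind once the reply is delivered
        return replace(d, dst=local)
```

Returning `None` stands for discarding the datagram, which is what keeps unsolicited traffic to port 500 and unknown SPIs from reaching a local device.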